kneuzgi
just joined
Topic Author
Posts: 23
Joined: Thu Mar 13, 2014 10:33 am

open firewall port

Mon Mar 17, 2014 4:50 pm

Hi

I'm a newbie with the RouterOS software.

I'd like to open UDP ports 500 and 4500 for an internal IP address (e.g. 192.168.88.113).
Traffic should go in both directions, meaning internal to external and external to internal.

How can I do that via the web interface?
What do I have to enter where?


Thank you very much
 
ronybaalbaky
just joined
Posts: 3
Joined: Wed Jan 22, 2014 2:36 pm

Re: open firewall port

Mon Mar 17, 2014 6:03 pm

Please explain more. Do you mean you want to do port forwarding?
 
kneuzgi
just joined
Topic Author
Posts: 23
Joined: Thu Mar 13, 2014 10:33 am

Re: open firewall port

Tue Mar 18, 2014 1:35 pm

I'd like to open the two UDP ports (500 and 4500) so that traffic can be allowed.
Allow traffic from internal to external over the UDP ports, and also from external to internal.
 
Rudios
Forum Veteran
Posts: 977
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: open firewall port

Tue Mar 18, 2014 1:45 pm

It depends on your config, but I assume you are using a 'default' SOHO config.
If so, you are NAT-ting from your local LAN to the outside.
The only thing you need to do is create a NAT rule and a firewall filter allow rule for each port:

ros code

/ip firewall nat
add chain=dstnat action=dst-nat in-interface=<your WAN interface> protocol=udp dst-port=500 to-address=192.168.88.113 to-address=500
add chain=dstnat action=dst-nat in-interface=<your WAN interface> protocol=udp dst-port=4500 to-address=192.168.88.113 to-address=4500
If you have a static WAN IP, you could add dst-address=<your WAN IP> to each line.

ros code

/ip firewall filter
add chain=forward action=accept protocol=udp dst-address=192.168.88.113 dst-port=500 in-interface=<your WAN interface>
add chain=forward action=accept protocol=udp dst-address=192.168.88.113 dst-port=4500 in-interface=<your WAN interface>
 
kneuzgi
just joined
Topic Author
Posts: 23
Joined: Thu Mar 13, 2014 10:33 am

Re: open firewall port

Thu Mar 20, 2014 5:40 pm

If I put in this:

/ip firewall nat
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=500 to-address=192.168.88.113 to-address=500
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=4500 to-address=192.168.88.113 to-address=4500


then I'm getting the following error/message:

add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=500 to-address=192.168.88.113 to-address=500
expected end of command (line 1 column 113)
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp dst-port=4500 to-address=192.168.88.113 to-address=4500
expected end of command (line 1 column 114)
 
Rudios
Forum Veteran
Posts: 977
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: open firewall port

Fri Mar 21, 2014 12:29 am

My mistake. I wrote to-address twice. The second one in each line should be to-ports. Possibly it could also be to-addresses. I'm writing off the top of my head and have not tested the commands for typos.
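
The rules from this thread with the last post's correction applied, as an added example that was not posted by any participant. It assumes the WAN interface is named ether1-gateway and the internal host is 192.168.88.113, both taken from the thread; the comment= texts are made up for illustration.

```routeros
# Added example, not from the thread. Assumed names: ether1-gateway (WAN),
# 192.168.88.113 (internal host). UDP 500 is IKE, UDP 4500 is IPsec NAT-T.

/ip firewall nat
# dst-nat takes the new destination in to-addresses and the new port in to-ports.
# Giving any parameter twice on one line is what produced
# "expected end of command" in the thread.
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp \
    dst-port=500 to-addresses=192.168.88.113 to-ports=500 \
    comment="IKE to internal host"
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=udp \
    dst-port=4500 to-addresses=192.168.88.113 to-ports=4500 \
    comment="IPsec NAT-T to internal host"
# With a static WAN IP, dst-address=<your WAN IP> can be added to each NAT line
# so only packets addressed to that IP are translated.

/ip firewall filter
# The forward chain sees the packet after dst-nat, so the match is on the
# internal address (dst-address) and the port (dst-port).
# If the forward chain contains a drop rule, these two must sit above it.
add chain=forward action=accept protocol=udp dst-address=192.168.88.113 \
    dst-port=500 in-interface=ether1-gateway comment="allow IKE in"
add chain=forward action=accept protocol=udp dst-address=192.168.88.113 \
    dst-port=4500 in-interface=ether1-gateway comment="allow IPsec NAT-T in"

# Review what was created and in which order the rules are evaluated.
/ip firewall nat print
/ip firewall filter print
```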